This issue affects cURL and libcURL when compiled against OpenSSL.
Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
cURL and libcURL 7.4 through 7.19.5 are vulnerable. Additional applications that use the affected library may also be vulnerable.